Description
Job Title: Member of Technical Staff (MTS) - Cloud Security Automation Engineer
Location: New York, NY; San Francisco, CA
About the Team
The Shared Team DNA
While every member of our team has a distinct focus area, we are all "T-shaped" engineers who learn from one another. Regardless of your title, you must share our collective passion for:
Customer Focus: Treating internal developers as our primary customers and prioritizing their velocity and user experience.
Automation: Eradicating manual toil and "ticket-ops" via GitOps and AI-augmented workflows.
Security: Believing that security should be "shifted left" and built into the code, not bolted on as an afterthought.
SRE Mindset: Engineering for failure, prioritizing self-healing systems, and maintaining a 99.999% availability standard.
Observability: Relying on telemetry, centralized logging, and ChatOps to proactively identify and resolve issues.
About the Role
As our Cloud Security Automation Engineer, you are responsible for ensuring that our high-velocity platform remains impenetrable. While the SRE team builds the automation engine, you build the brakes and the guardrails. You will translate dense compliance frameworks (like NIST 800-53) and strict corporate data policies into automated, programmatic rules. You will "feed the brain" of our AI agents and Policy-as-Code engines, ensuring that any infrastructure deployed by our developers is validated for security and compliance before it ever reaches production.
Your Impact - Responsibilities
Policy-as-Code: Write, test, and maintain the exact rules (e.g., OPA/Rego) that evaluate developer Pull Requests to ensure they meet Mission-Critical data classification standards.
AI Agent Management: Maintain and update the knowledge base and rule sets used by our AI-augmented GitOps agents, ensuring they are instantly aware of newly released internal security standards.
Preventative & Detective Guardrails: Implement programmatic boundaries (e.g., Service Control Policies) to restrict unauthorized regions, mandate encryption, and enforce a strict "Private-by-Default" network posture.
Continuous Compliance & Observability: Ensure that all operational and audit telemetry is aggregated into centralized, tamper-proof storage, and monitor aggregated threat detection dashboards to resolve anomalies.
Minimum Qualifications
Bachelor's degree in Computer Science, Computer Engineering, Software Engineering, or relevant work experience.
4+ years of experience in cloud security, DevSecOps, or security automation engineering.
Hands-on experience writing and deploying Policy-as-Code (e.g., Open Policy Agent, Rego, Sentinel).
Deep understanding of enterprise cloud security constructs, centralized policy enforcement, and KMS cryptography.
Familiarity with translating rigorous compliance frameworks (e.g., NIST SP 800-53, FedRAMP, SOC2) into automated technical controls.
Strong scripting skills (Python, bash) for developing automated security remediation lambda functions.
For roles in San Francisco and Los Angeles: Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
